One of the good habits of any PC user, and especially a system administrator, is to periodically change account passwords. The main thing is not to forget it later.
How to change password on remote desktop?:
- How to change password in Windows Server 2008
- How to change password in Winodows Server 2012 and Windows Server 2012 R2
- How to change password in Windows Server 2016
- Alternative way to change password in Windows Server 2016
- How to change password on remote desktop computer with combination CTRL + ALT + END
- How to change password on remote desctop with On-Screen Keyboard
- How to change password with VBS-script or with PowerShell
- How to change password using shell extension shortcut Windows Exploerer
- How to change password with Desktop Web Access
- How to change password with CredSSP and NLA
- How to change password with special RDP-file
In operating systems of the Microsoft Windows Server family, it is common to use the keyboard shortcut Ctrl + Alt + Del to change the password the problem is that the “three buttons” cannot be used through “Remote Desktop Connection”. Let's see how to change the password anyway.
In Windows Server 2008, this can be done from the Start menu by clicking on “Windows Security”.
On the updated screen, select “Change Password”.
We enter the old password and the new one and it's confirmation.
In Windows Server 2012 and Windows Server 2012 R2, the task has become somewhat more complicated.
Open the notebook and write two lines:
set objShell = CreateObject("shell.application")
objshell.WindowsSecurity
We save the file with the extension * .vbs (we write manually.). To do this, select File -> Save as ...
In a new window, select the directory to save the file, for example, Desktop. In the File type, select All files, and in the File name, specify an arbitrary name, for example, 1.vbs.
After saving the file, it is ready for execution. Double-clicking with the left mouse button will bring up a screen in which “Change password” should be selected.
Further, everything is familiar.
Fill in the fields with the old password, indicate the new password and its confirmation. Click on the arrow icon.
The Windows Server 2016 OS pleases with its attention to the user, but to change the password remotely, you still need to search for this item.
Open the Start menu and click on the user’s icon, select “Change account settings” in the menu that opens.
In the “Parameters” window that opens, select “Login parameters”, and in the Password section, click on the Change button.
In a new window, specify the current password and click on the Next button.
The window will be updated and ask for a new password, its confirmation, as well as a hint for the password. Click on the button “Next”. As a result, click on the Finish button. The next login will be with a new password.
An alternative way
This method is applicable both for changing the password for your account and the accounts of other users.
From the Start menu, select Administration (“Administration Tools” in Windows Server 2016).
In a new window, double-click open “Computer Management”.
In the left part of the window that opens, open the “Local users and groups” branch and open the Users folder. In the main part of the window, right-click on the user and select “Set Password ...” in the context menu.
The system will issue a warning. Having carefully read which and having realized all the risks, click on the “Continue” button. Otherwise, “Cancel."
In a new window, specify the new password and its confirmation. When finished, click on the OK button.
How to change password on remote desktop with combination CTRL + ALT + END.
To get the combination CTRL + ALT + DEL on remote desktop, you need to press CTRL + ALT + END.
Pressing this combination will open a dialog box for us in which we will have to select "Change password":
To change the password, we will need to provide some data:
How to change password on remote desktop using On-Screen keyboard.
When connecting to the desktop remotely, the password can be changed using the on-screen keyboard.
To open the on-screen keyboard, type "On-Screen Keyboard" or "OSK" in the Start menu.
After the on-screen keyboard appears, hold down the ALT + CTRL keys and use the mouse to press the Del button.
You will get a dialog box in which you yourself will need to select "Change password":
To change the password, we will need to specify: username, old password and repeat the new password twice:
How to change password in RDP session with a VBS script or PowerShell.
To call the password change window using a VBS script, create the WindowsSecurity.vbs file and enter the following lines of code there:
set objShell = CreateObject("shell.application")
objshell.WindowsSecurity
After that, after double-clicking on this VBS script, a dialog box will open in front of you, in which we will need to select "Change password":
To change the password, we will need to specify: username, old password and repeat the new password twice.
Also, to open the password change window using PowerShell, open PowerShell itself using the Start menu and use the command:
New-Object -COM Shell.Application).WindowsSecurity()
After that, a dialog box will open in front of you, in which we will need to select "Change password":
To change the password, we will need to specify: username, old password and repeat the new password twice.
To open the change password dialog box, you can create a shortcut with a link to the Windows Explorer shell extension.
First, create a shortcut and specify the given path for it:
C:\Windows\explorer.exe shell:::{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}
Next, choose a name for the label and create it:
After double-clicking on this shortcut, a dialog box will open in front of you, in which we will need to select "Change password":
To change the password, we will need to specify: username, old password and repeat the new password twice:
Change password with Remote Desktop Web Access
In Windows Server 2012 /R2 and later, remote users with Remote Desktop Web Access rights have the ability to reset their password themselves through a special web page on the Remote Desktop Web Access server.
The remote password change functionality is available on the server with the Remote Desktop Web Access role, but this feature is disabled by default.
To enable this feature:
Open the IIS Manager server management console and go to [Name of your Server] - Sites - Default Web Site - RDWeb - Pages and open the Application Settings section.
In the right pane, select the option named "PasswordChangeEnabled" and change its value to "true".
To check the availability of the password change page, go to: https://[RD-WEB-1]/RDWeb/Pages/en-US/password.aspx
After successfully changing the user's password, a message should appear:
Your password has been successfully changed.
How to change password in RDP witch CredSSP and NLA
Credential Security Support Provider (CredSSP) is a credential passing protocol used by RDP to protect DDoS attacks and unauthorized process execution.
Network Level Authentication (NLA) is a Remote Desktop Services feature that requires the connecting user to authenticate themselves before establishing a session with the server.
There is one important feature regarding changing an expired user password with RDP, related to the Network Level Authentication (NLA) option and the Credential Security Support Provider (CredSSP) protocol. By default, CredSSP with NLA for RDP is enabled on all versions of Windows starting with Windows Server 2012/Windows 8. NLA secures the RDP server by performing user authentication before establishing an RDP session with the server.
If the user's password has expired, or the user's AD administrator has enabled the option "userAccountControl" - wich requires to change password at first login, then an error will appear when logging in with RDP:
Remote Desktop Connection
You must change your password before logging on the first time. Please update your password or contact your system administrator or technical support.
As a result, the user will not be able to connect to the RDP server and change the password.
In this case, so that the user can change the password himself, you can:
1) Set up Remote Desktop Web Access (RDWA) with a password change page as in this part of the manual : How to change password with Desktop Web Access
2) Create a separate server for changing user passwords. On this server, you need to disable the NLA function. In this case, users will be able to change the password.
3) The user can change his password remotely with PowerShell - as shown in this part of the tutorial How to change password with VBS-script or with PowerShell
Changing the password on the remote desktop using a special RDP file:
If you want the user to change the password using an .rdp file, then you must match the RDP configuration level security settings on the RDS interface and the server .rdp file prestandard on the client interface.
Try on the client side, open mstsc.exe.
In the start menu, type "mstsc" and select "Remote Desktop Connection":
Next, we configure all the necessary parameters for connecting to the server.
Click "Show more", enter the IP address of our remote computer and username there, then, using the Save As button, create an RDP file:
After that, open the RDP file with a text editor and add the line at the end of the file:
enablecredsspsupport:i:0
Explanation: Adding this parameter to the RDP connection properties will allow the client to successfully establish an RDP session with the remote system and change the password before gaining access to the remote desktop. However, this setting will lower the security level of the RDP connection, as the client will not be able to use Network Level Authentication (NLA), which we described earlier in our article.
If NLA is enabled, then the user will not be able to connect and will receive the corresponding error:
The only way to fix this error is to lower the RDP security level on the RDS server side by disabling the mandatory Network Level Authentication (NLA) requirement.
Important!
We do not recommend doing this if your remote computer may be subject to DDoS attacks and unauthorized processes.
To change this setting, on a remote computer, in the start menu, enter "Control Panel":
Next, go to "System and Security":
After that go to "System":
We open the window that appeared in full screen and select "Advanced system settings": "Allow connections only from ...":
We will have a window with "System Properties", go to the part with "Remote Access" and uncheck the box "Allow connections only from ...", then click "Apply" and "OK":
After we have disabled the NLA function on the RDP server side, the client, using a special RDP file, can successfully establish an RDP session and change the password in it:
After that you will be able to connect with the new password.
So, we have considered all possible ways to change the account password with RDP.